Alexander Bokovoy
ed3dddab87
AD trust: improve trust validation
...
Trust validation requires AD DC to contact IPA server to verify that trust account
actually works. It can fail due to DNS or firewall issue or if AD DC was able to
resolve IPA master(s) via SRV records, it still may contact a replica that has
no trust data replicated yet.
In case AD DC still returns 'access denied', wait 5 seconds and try validation again.
Repeat validation until we hit a limit of 10 attempts, at which point raise
exception telling what's happening.
https://fedorahosted.org/freeipa/ticket/4764
Reviewed-By: Tomas Babej <tbabej@redhat.com>
2014-11-25 12:23:17 +01:00
Jan Cholasta
d55936756d
Fix memory leak in GetKeytabControl asn1 code
...
https://fedorahosted.org/freeipa/ticket/4713
Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
2014-11-25 08:23:24 +00:00
Jan Cholasta
66a42e67f3
Fix unchecked return value in krb5 common utils
...
https://fedorahosted.org/freeipa/ticket/4713
Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
2014-11-25 08:23:24 +00:00
Jan Cholasta
47a08f3498
Fix unchecked return value in ipa-join
...
https://fedorahosted.org/freeipa/ticket/4713
Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
2014-11-25 08:23:24 +00:00
Jan Cholasta
8b13c30dc2
Fix unchecked return values in ipa-winsync
...
https://fedorahosted.org/freeipa/ticket/4713
Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
2014-11-25 08:23:24 +00:00
Jan Cholasta
c8bc6b8818
Fix unchecked return value in ipa-kdb
...
https://fedorahosted.org/freeipa/ticket/4713
Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
2014-11-25 08:23:24 +00:00
Jan Cholasta
eed7fb6378
Fix Kerberos error handling in ipa-sam
...
https://fedorahosted.org/freeipa/ticket/4713
Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
2014-11-25 08:23:24 +00:00
Jan Cholasta
968e1bbcf8
Unload P11_Helper object's library when it is finalized in ipap11helper
...
https://fedorahosted.org/freeipa/ticket/4713
Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
2014-11-25 08:23:24 +00:00
Jan Cholasta
313da898bb
Remove redefinition of LOG from ipa-otp-lasttoken
...
https://fedorahosted.org/freeipa/ticket/4713
Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
2014-11-25 08:23:24 +00:00
Petr Viktorin
e57b7b5e87
copy_schema_to_ca: Fallback to old import location for ipaplatform.services
...
This file is copied to older servers that might not have the ipaplatform
refactoring.
Import from the old location if the new one is not available.
https://fedorahosted.org/freeipa/ticket/4763
Reviewed-By: Tomas Babej <tbabej@redhat.com>
2014-11-25 09:20:28 +01:00
David Kupka
56ca47d535
Fix error message for nonexistent members and add tests.
...
https://fedorahosted.org/freeipa/ticket/4643
Reviewed-By: Tomas Babej <tbabej@redhat.com>
2014-11-24 16:04:57 +01:00
Petr Vobornik
b42b1755dc
webui: normalize idview tab labels
...
ID View tab labels are no longer redundant.
https://fedorahosted.org/freeipa/ticket/4650
Reviewed-By: Tomas Babej <tbabej@redhat.com>
2014-11-24 15:01:06 +01:00
Petr Vobornik
f70d859b39
webui: use domain name instead of domain SID in idrange adder dialog
...
It's more user friendly. Almost nobody remembers SIDs.
https://fedorahosted.org/freeipa/ticket/4661
Reviewed-By: Tomas Babej <tbabej@redhat.com>
2014-11-24 14:43:09 +01:00
Martin Basti
230df95ed9
Fix detection of encoding in zonemgr option
...
Ticket: https://fedorahosted.org/freeipa/ticket/4762
Reviewed-By: Jan Cholasta <jcholast@redhat.com>
2014-11-24 13:20:35 +00:00
Rob Crittenden
5c0ad221e8
Use NSS protocol range API to set available TLS protocols
...
Protocols are configured as an inclusive range from SSLv3 through
TLSv1.2. The allowed values in the range are ssl3, tls1.0,
tls1.1 and tls1.2.
This is overridable per client by setting tls_version_min and/or
tls_version_max.
https://fedorahosted.org/freeipa/ticket/4653
Reviewed-By: Jan Cholasta <jcholast@redhat.com>
2014-11-24 13:09:44 +00:00
Jan Cholasta
aa9ecb253a
Stop tracking certificates before restoring them in ipa-restore
...
https://fedorahosted.org/freeipa/ticket/4727
Reviewed-By: Petr Vobornik <pvoborni@redhat.com>
2014-11-21 16:29:51 +01:00
David Kupka
373bbee4e3
ipa-restore: Check if directory is provided + better errors.
...
https://fedorahosted.org/freeipa/ticket/4683
Reviewed-By: Tomas Babej <tbabej@redhat.com>
2014-11-21 15:19:56 +01:00
Jan Cholasta
71c4d3e979
Use correct service name in cainstance.backup_config
...
https://fedorahosted.org/freeipa/ticket/4754
Reviewed-By: Martin Kosek <mkosek@redhat.com>
2014-11-21 13:22:11 +01:00
Petr Viktorin
d42c26c542
test_integration: Adjust tests for pytest
...
- Customize install() instead of setup_class()
- Use pytest parametrization instead of test generators
Reviewed-By: Tomas Babej <tbabej@redhat.com>
2014-11-21 12:14:44 +01:00
Petr Viktorin
29c28786e3
Integration tests: Port the BeakerLib plugin and log collection to pytest
...
Move the IPA-specific log collection out of the Beakerlib plugin.
Add the --logfile-dir option to tests and ipa-test-task, so that logs
can be collected even if BeakerLib is not used.
https://fedorahosted.org/freeipa/ticket/4610
Reviewed-By: Tomas Babej <tbabej@redhat.com>
2014-11-21 12:14:44 +01:00
Petr Viktorin
0ad5c57f62
Switch integration testing config to a fixture
...
The hack of storing the config on the class is left in;
it would be too much work for too little gain at this time.
https://fedorahosted.org/freeipa/ticket/4610
Reviewed-By: Tomas Babej <tbabej@redhat.com>
2014-11-21 12:14:44 +01:00
Petr Viktorin
eaad0a9ced
Switch ipa-run-tests to pytest
...
https://fedorahosted.org/freeipa/ticket/4610
Reviewed-By: Tomas Babej <tbabej@redhat.com>
2014-11-21 12:14:44 +01:00
Petr Viktorin
48de128571
Add local pytest plugin for --with-xunit and --logging-level
...
The --with-xunit option has the same behavior as in nosetests:
it's an alias for pytest's --junitxml=nosetests.py
The --logging-level option enables direct IPA logging to stdout.
https://fedorahosted.org/freeipa/ticket/4610
Reviewed-By: Tomas Babej <tbabej@redhat.com>
2014-11-21 12:14:44 +01:00
Petr Viktorin
bca6a147e6
Switch make-test to pytest
...
The unused capability to run on multiple Python versions is removed,
and needed arguments are now listed in pytest.ini,
leaving just a simple call to the actual test runner.
https://fedorahosted.org/freeipa/ticket/4610
Reviewed-By: Tomas Babej <tbabej@redhat.com>
2014-11-21 12:14:44 +01:00
Petr Viktorin
3a9a98b285
Integration tests: Port the ordering plugin to pytest
...
Ordered integration tests may now be run with pytest.
https://fedorahosted.org/freeipa/ticket/4610
Reviewed-By: Tomas Babej <tbabej@redhat.com>
2014-11-21 12:14:44 +01:00
Petr Viktorin
0cb12f3cde
Declarative tests: Switch to pytest
...
Provide a local pytest plugin to generate tests.
The Declarative tests can now only be run with pytest
https://fedorahosted.org/freeipa/ticket/4610
Reviewed-By: Tomas Babej <tbabej@redhat.com>
2014-11-21 12:14:44 +01:00
Petr Viktorin
07def0b275
Declarative tests: Move cleanup to setup_class/teardown_class
...
https://fedorahosted.org/freeipa/ticket/4610
Reviewed-By: Tomas Babej <tbabej@redhat.com>
2014-11-21 12:14:44 +01:00
Petr Viktorin
dca259afc6
Configure pytest to run doctests
...
The pytest.ini file needs to be in or above the directory py.test is called in.
When in IPA project root, this invocation will find ./ipatests/pytest.ini:
py.test ipatests/
but these will not (they're equivalent):
py.test .
py.test
So pytest.ini must be in the project root.
However, setuptools can't include files outside package directories,
so we also need this file to be under ipatests/
Solve the problem by symlinking ./pytest.ini to ipatests/pytest.ini.
https://fedorahosted.org/freeipa/ticket/4610
Reviewed-By: Tomas Babej <tbabej@redhat.com>
2014-11-21 12:14:44 +01:00
Petr Viktorin
387b8b46b8
test_ipapython: Use functions instead of classes in test generators
...
pytest's support for Nose-style test generators is not bulletproof;
use a real function to please it.
https://fedorahosted.org/freeipa/ticket/4610
Reviewed-By: Tomas Babej <tbabej@redhat.com>
2014-11-21 12:14:44 +01:00
Petr Viktorin
82e41dc7a4
test_webui: Don't use __init__ for test classes
...
https://fedorahosted.org/freeipa/ticket/4610
Reviewed-By: Tomas Babej <tbabej@redhat.com>
2014-11-21 12:14:44 +01:00
Petr Viktorin
b64f91fb43
dogtag plugin: Don't use doctest syntax for non-doctest examples
...
https://fedorahosted.org/freeipa/ticket/4610
Reviewed-By: Tomas Babej <tbabej@redhat.com>
2014-11-21 12:14:44 +01:00
Petr Viktorin
93c69b5127
Use setup_class/teardown_class in Declarative tests
...
Pytest will consider each Declarative test individually, running
setup/teardown for each one.
Move the setup and teardown to the class level.
https://fedorahosted.org/freeipa/ticket/4610
Reviewed-By: Tomas Babej <tbabej@redhat.com>
2014-11-21 12:14:44 +01:00
Petr Viktorin
84bd4c1246
test_automount_plugin: Fix test ordering
...
Nose ran the `test_a_*` and `test_a2_*` tests in opposite order
than the source suggested. Fix this.
https://fedorahosted.org/freeipa/ticket/4610
Reviewed-By: Tomas Babej <tbabej@redhat.com>
2014-11-21 12:14:44 +01:00
Petr Viktorin
f3409ea031
ipatests.util.ClassChecker: Raise AttributeError in get_subcls
...
Pytest considers NotImplementedError on attribute access an error.
https://fedorahosted.org/freeipa/ticket/4610
Reviewed-By: Tomas Babej <tbabej@redhat.com>
2014-11-21 12:14:44 +01:00
Petr Viktorin
2b24faf3c1
tests: Add configuration for pytest
...
By default, pytest considers test classes only if they're named
'Test*'; Nose also allows 'test_*'.
Configure pytest to allow the non-pep8 names as well.
https://fedorahosted.org/freeipa/ticket/4610
Reviewed-By: Tomas Babej <tbabej@redhat.com>
2014-11-21 12:14:44 +01:00
Petr Viktorin
375e9f7c4b
tests: Use PEP8-compliant setup/teardown method names
...
The setUp/tearDown names are used in the unittest module, but there is no reason
to use them in non-`unittest` test cases.
Nose supports both styles (but mixing them can cause trouble when
calling super()'s methods).
Pytest only supports the new ones.
https://fedorahosted.org/freeipa/ticket/4610
Reviewed-By: Tomas Babej <tbabej@redhat.com>
2014-11-21 12:14:44 +01:00
Martin Basti
7de424f425
Fix: read_ip_addresses should return ipaddr object
...
Interactive prompt callback returns list of str instead of CheckedIPAddress
instances.
Ticket: https://fedorahosted.org/freeipa/ticket/4747
Reviewed-By: Jan Cholasta <jcholast@redhat.com>
2014-11-21 08:54:17 +00:00
Simo Sorce
b1a30bff04
Use asn1c helpers to encode/decode the getkeytab control
...
Replaces manual encoding with automatically generated code.
Fixes:
https://fedorahosted.org/freeipa/ticket/4718
https://fedorahosted.org/freeipa/ticket/4728
Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
Reviewed-By: Nathaniel McCallum <npmccallum@redhat.com>
2014-11-20 10:52:13 -05:00
Simo Sorce
c6afc489a1
Add asn1c generated code for keytab controls
...
Instead of manually encoding controls, use an actual asn1 compiler.
The file asn1/asn1c/ipa.asn1 will contain ipa modules. The generated code
is committed to the tree and built into a static library that is linked
to the code that uses it.
The first module implements the GetKeytabControl control.
Related:
https://fedorahosted.org/freeipa/ticket/4718
https://fedorahosted.org/freeipa/ticket/4728
Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
Reviewed-By: Nathaniel McCallum <npmccallum@redhat.com>
2014-11-20 10:52:13 -05:00
Simo Sorce
b170851058
Fix filtering of enctypes in server code.
...
The filtering was incorrect and would result in always discarding all values.
Also make sure there are no duplicates in the list.
Partial fix for:
https://fedorahosted.org/freeipa/ticket/4718
Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
Reviewed-By: Nathaniel McCallum <npmccallum@redhat.com>
2014-11-20 10:52:13 -05:00
David Kupka
35dad9684b
Fix --{user,group}-ignore-attribute in migration plugin.
...
Ignore case in attribute names.
https://fedorahosted.org/freeipa/ticket/4620
Reviewed-By: Martin Basti <mbasti@redhat.com>
2014-11-20 16:49:13 +01:00
Martin Basti
58737c7791
Fix pk11helper module compiler warnings
...
Ticket: https://fedorahosted.org/freeipa/ticket/4657
Reviewed-By: David Kupka <dkupka@redhat.com>
2014-11-20 16:46:30 +01:00
Petr Vobornik
a3c799f2f4
restore: clear httpd ccache after restore
...
so that httpd ccache won't contain old credentials which would make ipa CLI fail with error:
Insufficient access: SASL(-1): generic failure: GSSAPI Error: Unspecified GSS failure. Minor code may provide more information (Decrypt integrity check failed)
https://fedorahosted.org/freeipa/ticket/4726
Reviewed-By: Petr Viktorin <pviktori@redhat.com>
2014-11-20 16:43:26 +01:00
Jan Cholasta
3d1e9813e6
Restore file extended attributes and SELinux context in ipa-restore
...
https://fedorahosted.org/freeipa/ticket/4712
Reviewed-By: Petr Viktorin <pviktori@redhat.com>
2014-11-20 16:43:26 +01:00
Petr Viktorin
93422a54a3
Add additional backup & restore checks
...
https://fedorahosted.org/freeipa/ticket/3893
Reviewed-By: Martin Basti <mbasti@redhat.com>
2014-11-20 15:47:38 +01:00
Martin Basti
c80a59eff4
Raise right exception if domain name is not valid
...
Because of dnspython implementation, in some cases UnicodeError is
raised instead of DNS SyntaxError
Ticket: https://fedorahosted.org/freeipa/ticket/4734
Reviewed-By: Jan Cholasta <jcholast@redhat.com>
2014-11-20 14:41:36 +00:00
Petr Vobornik
bff97e8b2e
webui: fix potential XSS vulnerabilities
...
Escape user defined text to prevent XSS attacks. Extra precaution was taken
to escape also parts which are unlikely to contain user-defined text.
fixes CVE-2014-7850
https://fedorahosted.org/freeipa/ticket/4742
Reviewed-By: Tomas Babej <tbabej@redhat.com>
2014-11-20 15:31:15 +01:00
Martin Basti
43285b1fc3
Show warning instead of error if CA did not start
...
This is just workaround, checking if CA is working raises false positive
exception during upgrade
Ticket: https://fedorahosted.org/freeipa/ticket/4676
Reviewed-By: Simo Sorce <ssorce@redhat.com>
2014-11-20 10:30:22 +01:00
Petr Viktorin
a14ce85357
Do not restore SELinux settings that were not backed up
...
https://fedorahosted.org/freeipa/ticket/4678
Reviewed-By: Petr Vobornik <pvoborni@redhat.com>
2014-11-19 15:47:45 +01:00
Jan Cholasta
52b141ca6a
Fix wrong expiration date on renewed IPA CA certificates
...
The expiration date was always set to the expiration date of the original
certificate.
https://fedorahosted.org/freeipa/ticket/4717
Reviewed-By: David Kupka <dkupka@redhat.com>
2014-11-19 14:25:26 +00:00